Lucene search
RustsecRUSTSEC-2020-0031HistoryJun 16, 2020 - 12:00 p.m.
HTTP Request smuggling through malformed Transfer Encoding headers
2020-06-1612:00:00
rustsec.org
9
0.001 Low
EPSS
Percentile
44.1%
HTTP pipelining issues and request smuggling attacks are possible due to incorrect
Transfer encoding header parsing.
It is possible conduct HTTP request smuggling attacks (CL:TE/TE:TE) by sending invalid Transfer Encoding headers.
By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information
from requests other than their own.
Related
fedora
fedora
[SECURITY] Fedora 35 Update: rust-tiny_http-0.8.2-1.fc35
2021-12-13 01:04:16
[SECURITY] Fedora 34 Update: rust-tiny_http0.6-0.6.4-1.fc34
2021-12-13 00:59:27
[SECURITY] Fedora 35 Update: rust-tiny_http0.6-0.6.4-1.fc35
2021-12-13 01:04:16
osv
osv
HTTP Request smuggling through malformed Transfer Encoding headers
2020-06-16 12:00:00
CVE-2020-35884
2020-12-31 10:15:16
HTTP Request smuggling in tiny_http
2021-08-25 20:48:56
openvas
openvas
Fedora: Security Advisory for rust-tiny_http (FEDORA-2021-c824326120)
2021-12-15 00:00:00
Fedora: Security Advisory for rust-drg (FEDORA-2021-c824326120)
2021-12-15 00:00:00
Fedora: Security Advisory for rust-drg (FEDORA-2021-571e3ed33c)
2021-12-15 00:00:00
cvelist
cvelist
CVE-2020-35884
2020-12-31 08:25:45
prion
prion
Design/Logic Flaw
2020-12-31 10:15:00
nvd
nvd
CVE-2020-35884
2020-12-31 10:15:16
cve
cve
CVE-2020-35884
2020-12-31 10:15:16
github
github
HTTP Request smuggling in tiny_http
2021-08-25 20:48:56